autho 0.0.1

package/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "autho",
+  "version": "0.0.1",
+  "main": "index.js",
+  "type": "module",
+  "bin":{
+    "autho": "./cli/bin.js"},
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "commander": "^12.0.0",
+    "conf": "^12.0.0",
+    "inquirer": "^9.2.17",
+    "inquirer-autocomplete-standalone": "^0.8.1",
+    "joi": "^17.12.2",
+    "otpauth": "^9.2.2"
+  },
+  "devDependencies": {},
+  "description": "Open Source Authentication and Password Management Tool"
+}

package/src/Readme.md

@@ -0,0 +1,63 @@
+# Autho: Open Source Authentication and Password Management Tool
+
+Autho is an open-source, self-hosted alternative to services like Authy, providing One-Time Password (OTP) generation and password management functionalities. With Autho, users can securely manage their authentication tokens and passwords while maintaining full control over their data.
+
+## Features
+
+- **OTP Generation**: Autho allows users to generate One-Time Passwords (OTPs) for two-factor authentication (2FA) using industry-standard algorithms.
+  
+- **Password Management**: Autho provides a secure vault for users to store and manage their passwords, ensuring easy access and strong encryption.
+
+- **Self-Hosted**: Autho can be self-hosted, giving users complete control over their data and eliminating reliance on third-party services.
+
+- **Open Source**: Autho is open-source software, allowing users to inspect, modify, and contribute to its codebase, ensuring transparency and security.
+
+## Installation
+
+To install Autho globally, use npm:
+
+```sh
+npm install -g autho
+```
+
+## Usage
+
+After installing Autho, you can run the `autho` command in your terminal to access its functionalities:
+
+This will start the Autho CLI, where you can generate OTPs, manage passwords, and configure settings as needed.
+
+## Getting Started
+
+1. **Setting Up Autho**: After installation, run the `autho` command to set up Autho for the first time. Follow the on-screen instructions to configure your master password and other settings.
+
+2. **Generating OTPs**: Use Autho to generate OTPs for your accounts by providing the associated account name or label. Autho will generate a time-based OTP using a secure algorithm.
+
+3. **Managing Passwords**: Autho provides a secure vault for storing and managing your passwords. You can add, view, update, and delete passwords using the CLI interface.
+
+4. **Self-Hosting**: If you prefer self-hosting, deploy Autho on your own server by following the instructions provided in the documentation.
+
+## Security Considerations
+
+- **Encryption**: Autho employs strong encryption algorithms to protect user data, ensuring that passwords and OTPs are securely stored.
+
+- **Master Password**: Users are required to set a master password during setup, which is used to encrypt and decrypt their data. Choose a strong and unique master password to enhance security.
+
+- **Self-Hosting**: By self-hosting Autho, users maintain control over their data and reduce reliance on external services, minimizing the risk of data breaches.
+
+- **Regular Updates**: Keep Autho and its dependencies up to date to ensure that security vulnerabilities are addressed promptly.
+
+## Contributing
+
+Autho is an open-source project, and contributions are welcome! Feel free to report issues, suggest features, or submit pull requests on the project's GitHub repository.
+
+## License
+
+Autho is licensed under the [MIT License](link-to-license), allowing for unrestricted use, modification, and distribution.
+
+## Support
+
+For support or inquiries, please reach out to the [official Autho community](link-to-community) for assistance.
+
+## Acknowledgments
+
+Autho is built upon various open-source libraries and technologies. We extend our gratitude to the developers and contributors of these projects.

package/src/cli/bin.js

@@ -0,0 +1,111 @@
+#!/usr/bin/env node
+
+import { Command } from "commander";
+import chalk from "chalk";
+import { prompt, ask } from "./utils.js";
+import Config from "../sdk/config.js";
+import Cipher from "../sdk/cipher.js";
+import createSecret from "./wizards/createSecret.js";
+import Secrets from "../sdk/secrets.js";
+import OTP from "../sdk/otp.js";
+
+const program = new Command();
+
+const getSecret = async (config) => {
+  const existingSecrets = config.get("secrets", []);
+  const choices = existingSecrets.map((secret) => ({
+    value: secret.id,
+    name: secret.name,
+  }));
+
+  const { id: secretId } = await prompt({
+    name: "id",
+    message: "Secrets:",
+    type: "list",
+    choices,
+    required: true,
+  });
+
+  const secrets = new Secrets(config);
+  const secret = await secrets.get(secretId);
+
+  if (!secret) {
+    throw new Error("Secret not found");
+  }
+
+  return secret;
+};
+
+program
+  .name("autho")
+  .description("Secrets manager")
+  .version("0.0.1")
+  .option("-p, --password <password>", "Master password")
+  .action(async (args) => {
+    try {
+      const masterPassword = args.password
+        ? args.password
+        : await ask({
+            name: "masterPassword",
+            message: "Password:",
+            type: "password",
+            required: true,
+          });
+      const masterPasswordHash = Cipher.hash(masterPassword);
+      const config = new Config({ encryptionKey: masterPasswordHash });
+      let salt = config.get();
+
+      if (!salt) {
+        salt = Cipher.random();
+        config.set("salt", salt);
+      }
+
+      let choices = [
+        { value: "create", name: "Create new secret" },
+        { value: "read", name: "Read secret" },
+        { value: "delete", name: "Delete secret" },
+      ];
+
+      const { action } = await prompt({
+        name: "action",
+        type: "list",
+        choices,
+        required: true,
+      });
+      switch (action) {
+        case "create":
+          await createSecret(config, masterPasswordHash);
+          break;
+
+        case "read":
+          const readSecret = await getSecret(config);
+    
+            switch (readSecret.type) {
+              case "otp":
+                const otp = new OTP(config, readSecret, masterPasswordHash);
+                console.log(otp.generate());
+                setTimeout(() => {
+                  console.log("Expired");
+                  process.exit(0);
+                }, 30000);
+                break;
+            }
+          
+          break;
+        case "delete":
+            const deleteSecret = getSecret(config);
+            const secrets = new Secrets(config);
+            secrets.remove(deleteSecret.id)
+          break;
+      }
+    } catch (error) {
+      console.log(
+        chalk.redBright("Something went wrong, Error: "),
+        error.message
+      );
+      console.log(error.stack);
+      process.exit(1);
+    }
+  });
+
+program.parse();

package/src/cli/utils.js

@@ -0,0 +1,15 @@
+import inquirer from "inquirer";
+
+export const prompt = inquirer.prompt;
+
+export const ask = async ({ name = "", message = "", type = "input" }) => {
+  const answers = await inquirer.prompt([
+    {
+      name,
+      message,
+      type,
+    },
+  ]);
+
+  return answers[name];
+};

package/src/cli/wizards/createSecret.js

@@ -0,0 +1,55 @@
+import { prompt } from "../utils.js";
+import Secrets from "../../sdk/secrets.js";
+
+const wizard = async (config, masterPasswordHash) => {
+  const info = await prompt([
+    {
+      name: "name",
+      message: "name:",
+      type: "input",
+      required: true,
+    },
+    {
+      name: "type",
+      message: "type:",
+      type: "choice",
+      default: "otp",
+      choices: ["otp"],
+      required: true,
+    }
+  ]);
+
+  let newSecret = {};
+
+  switch (info.type) {
+    case "otp":
+        const secret = await prompt([
+            {
+                name: "username",
+                message: "username:",
+                type: "input",
+                required: true,
+              },
+            {
+              name: "value",
+              message: "value:",
+              type: "password",
+              required: true,
+            },
+          ]);
+          newSecret = {
+            name: info.name,
+            type: info.type,
+            value: secret.value,
+            typeOptions: {
+              username: secret.username,
+            },
+          };
+      break;
+  }
+
+  const secrets = new Secrets(config);
+  await secrets.add(newSecret, masterPasswordHash);
+};
+
+export default wizard;

package/src/models/Secret.js

@@ -0,0 +1,12 @@
+import Joi from 'joi';
+import Cipher from "../sdk/cipher.js";
+
+export const createSecretSchema = Joi.object({
+    id: Joi.string().default(Cipher.random()), 
+    protected: Joi.boolean().default(false), // ask for password
+    name: Joi.string().required(),
+    type: Joi.string().required().valid('otp'),
+    value: Joi.string().required(),
+    typeOptions: Joi.object().default({}),
+    createdAt: Joi.date().default(new Date()),
+})

package/src/sdk/cipher.js

@@ -0,0 +1,50 @@
+import crypto from "crypto";
+
+export default class Cipher {
+  constructor(config) {
+    this.config = config;
+    this.salt = config.get("salt", "");
+  }
+
+  static hash(text) {
+    const hash = crypto.createHash("sha256");
+    hash.update(text);
+
+    return hash.digest("hex");
+  }
+
+  static random() {
+    const rnd = crypto.randomBytes(16).toString("hex");
+
+    return rnd;
+  }
+
+  static createKey(salt="") {
+    const rnd = Cipher.random(salt)
+
+    return Cipher.hash(salt+rnd);
+  }
+
+  encrypt(text, password) {
+    const publicKey = Cipher.createKey(this.salt);
+    const cipher = crypto.createCipher(
+      "aes-256-cbc",
+       publicKey + password
+    );
+    let encrypted = cipher.update(text, "utf8", "hex");
+    encrypted += cipher.final("hex");
+
+    return { publicKey, encrypted };
+  }
+
+  decrypt(encryptedText, publicKey, password) {
+    const decipher = crypto.createDecipher(
+      "aes-256-cbc",
+      publicKey + password
+    );
+    let decrypted = decipher.update(encryptedText, "hex", "utf8");
+    decrypted += decipher.final("utf8");
+
+    return decrypted;
+  }
+}

package/src/sdk/config.js

@@ -0,0 +1,20 @@
+import Conf from "conf";
+
+export default class Config {
+    constructor({
+        encryptionKey,
+        configName='default'
+    }) {
+        this.config = new Conf({ projectName: "autho", encryptionKey, configName });
+    }
+
+    get(key, defaultValue) {
+        return this.config.get(key, defaultValue);
+    }
+
+    set(key, value) {
+        this.config.set(key, value);
+    }
+
+}
+

package/src/sdk/otp.js

@@ -0,0 +1,26 @@
+import * as OTPAuth from "otpauth";
+import Cipher from "./cipher.js";
+
+export default class OTP {
+  constructor(config, secret, password) {
+    const cipher = new Cipher(config);
+    const options = {
+      issuer: "ACME",
+      label: secret.name,
+      algorithm: "SHA1",
+      digits: 6,
+      period: 30,
+      secret: cipher.decrypt(secret.value, secret.publicKey, password),
+    };
+
+    this.totp = new OTPAuth.TOTP(options);
+  }
+
+  generate() {
+    return this.totp.generate();
+  }
+
+  validate(token, window = 1) {
+    return this.totp.validate({ token, window });
+  }
+}

package/src/sdk/secrets.js

@@ -0,0 +1,38 @@
+import { createSecretSchema } from "../models/Secret.js";
+import Cipher from "./cipher.js";
+
+export default class Secrets {
+  constructor(config) {
+    this.config = config;
+    this.cipher = new Cipher(config);
+  }
+
+  get secrets() {
+    return this.config.get("secrets", []);
+  }
+
+  set secrets(value) {
+    this.config.set("secrets", value);
+  }
+
+  async get(id) {
+    return this.secrets.find((secret) => secret.id == id);
+  }
+
+  async add(secret, password) {
+    const { value, error } = createSecretSchema.validate(secret);
+    if (error) {
+      throw new Error(error);
+    }
+
+    const { publicKey, encrypted } = this.cipher.encrypt(value.value, password);
+    value.value = encrypted;
+    value.publicKey = publicKey;
+
+    this.secrets = [...this.secrets, value];
+  }
+
+  async remove(id) {
+    this.secrets = this.secrets.filter((secret) => secret.id != id);
+  }
+}